Welcome to a multi-part podcast series, Smart Automation for Risk Management, sponsored by Lextegrity Inc. Over the course of this series, we are visiting with Parth Chanda, Founder and Chief Executive Officer (CEO), Andy Miller, Chief Analytics Officer, and Kara Bonitatibus, Head of Product. We have reviewed Lextegrity Product Suite, taken a deep dive into continuous risk monitoring, considered pre-approvals and third-party due diligence and integrations and user experience. In a special bonus episode, Chanda and I will discuss the Integrity and Analytics Collective. In Episode 4, I visit with Bonitatibus on pre-approvals and third-party due diligence.

We began with a discussion of the pre-approval process and third-party due diligence monitoring tools that Lextegrity has developed. Bonitatibus initially noted that often times the business folks see the compliance function as the department of holding things up. This led the Lextegrity team to look at questions such as “how do you build a system that is easy to use, intuitive gets users in and out of the system and gets them the answers they need as quickly as possible?”

The Lextegrity platform starts from the perspective of bringing all of your business pre-approvals together in one platform. This means business users must only go to one place to interact with the compliance function and any employee only needs to learn one compliance system. This can replace the myriad of company purchases of a third-party solution, a gifts, travel and entertainment (GTE) solution, disclosure system even to perhaps a separate conflict of interests solution. Even with a GRC vendor, who might have different modules that cover all of those processes, but even they do not necessarily talk to one another.

The Lextegrity difference is that it can build workflows unique to your business. Bonitatibus noted the solution has workflows in 14 languages, soon to be 20. It can provide customers with template content, across multiple questionnaires. There is a library of content which based on an internal review of enforcement actions and other public source documents, all of which are configurable. She went on to say, “we implemented multiple workflows in over a dozen languages in a hundred countries and less than 90 days, in a new tech driven compliance program. That’s what makes our software really powerful.”

We then turned to the question of how companies are in many cases not using the pre-approval workflows efficiently. One of the pillars of Lextegrity is to be more data driven across all of our products, including in the pre-approval workflow. “The Lextegrity solution embeds analytics and thresholds directly into the preapproval process, which provides approvers with data to inform their decisions. This means you are not simply looking at the information which is provided by the submitter or the requester. It expands out to things like aggregate spend and aggregate frequency. For example, how many gifts has this government official already received? How much has this particular healthcare professional received in the context of a meal or a consulting fee?”

The important component of any such analysis is to not look at this data “in a vacuum, but rather   in context of other similarly situated requests.” Bonitatibus further explained “from a recipient perspective, compare one doctor to other doctors who are also receiving meals or consulting fees. Is this an outlier in comparison to those types of data points? Then the same analysis from a submitter perspective.” Here you might look at has a particular submitter input requests that are outside the norm of people that are in similar positions? As Bonitatibus mused, “in my former life, as an in-house compliance professional, this would have been a game changer from my perspective and have given myself and my colleagues a lot more comfort in decision-making.”

We then turned to third-party due diligence and the Lextegrity solution. Bonitatibus admitted this was her biggest frustration as an in-house compliance professional as she was responsible for her company’s third-party due diligence program. There was no “holistic third-party risk management tool around third parties.” She channeled that frustration to help create a solution to better manage this most significant of compliance risks. The information needed for a robust holistic management of third-parties includes where your third-party population resides, both by market and region. But it also includes third parties from vendors to sales agents so that you need to be able to look at “a universe of third parties.”

What the Lextegrity solution provides is a way to “pull from a vendor master or customer master lists” so that company business administrators can master the system data and ensure that it is as clean as possible. Another key differentiator for Lextegrity is that the solution allows for tracking activity at an engagement level of existing platforms out there which focus strictly on the initial engagement, a higher level of engagement such as a Master Services Agreement with a third party. If scope creep starts, with more business users or functions using that same third party to engage them for some other type of business purpose, you can be aware of it. Finally, and perhaps most significantly, the Lextegrity risk scoring component provides true end to end risk management of your third-party base care.”

Join us tomorrow where explore integrations and the user experience with Bonitatibus.

For more on Lextegrity, check out their website here.

Richard Lummis is on assignment this week so I am pleased to host Rod Robertson. Robertson is the Managing Directors at Briggs Capital. In this episode, we discuss how much Baby Boomers can learn from Millennials and GenZs and how business culture will change as they and the next generation move into the workplace. We have a special shout out to Edward Gibbon’s Decline and Fall of the Roman Empire.

Highlights include:

  • The work of Briggs Capital.
  • What is a ‘no show’ transaction?
  • What does the phrase “dependents of the pandemic” mean?
  • Why employers should allow canines in the office.
  • Why is this issue so important to GenZers and Millennials?
  • What does this issue teach us OWG (old white guys) about listening to and managing GenZers and Millennials?
  • How does Goldman Sachs and its 100-hour work week for junior employees fit into broader context of managing Millennials?
  • What do companies and individuals need to be thinking about into 2025 and beyond regarding managing GenZers and Millennials?

APRIL 15, 2021 BY TOM FOX

In today’s edition of Daily Compliance News:

  • Bernie Madoff dies. (WSJ)
  • Gensler confirmed. (WaPo)
  • HSBC moves senior management from London to Hong Kong. (FT)
  • The $100bn player (Coinbase). (CNN)

Welcome to a multi-part podcast series, Smart Automation for Risk Management, sponsored by Lextegrity Inc. Over the course of this series we will be visiting with Parth Chanda, Founder and Chief Executive Officer (CEO), Andy Miller, Chief Analytics Officer, and Kara Bonitatibus, Head of Product. We are reviewing the Lextegrity Product Suite, taking a deep dive into continuous risk monitoring, considering pre-approvals and third-party due diligence and integrations and user experience. In a special bonus episode, Chanda and I will discuss the Integrity and Analytics Collective. In Episode 3, I conclude my two-part visit Miller about risk monitoring with data analytics.

We began with the Department of Justice’s (DOJ) 2020 Update to the Evaluation of Corporate Compliance Programs, (2020 Update), which mandated for the first time that compliance practitioners and the corporate compliance function have access to a company’s data lakes. Miller believes the DOJ 2020 Update has really been an eye opener for a lot of risk professionals and companies out there that they “need to do better.” Compliance professionals should have access to their own data as risk professionals, they need to have a plan and an actual program to monitor their company’s data. This works directly on the first two prongs of any compliance program; to prevent and detect actions which could be fraudulent, corrupt such as bribery, or other actions which could put your company in danger. This is even more true in 2021 as the DOJ is ramping up their enforcement efforts. Lextegrity provides a continuous monitoring solution that provides compliance and audit teams with a comprehensive way to keep a pulse on transactional spend and revenue risk.

Miller emphasized the key is that your continuous monitoring solution should be flexible and curable to your specific company. The Lextegrity platform provides analyses that are broken out in a variety of areas to look for specific types of risk in that general risk-based area. It allows you to identify transactions that could be associated with some wrongdoing like bribery, corruption or fraud. However, what many compliance professionals struggle with is separating the wheat from the chaff. In other words, they are bogged down in the details of a transaction such as gifts, travel and entertainment (GTE) spend, lack of approvals on discounts or third-party issues and do not have the ability to step back and look at a bigger picture.

This is where the Lextegrity platform is so powerful. It allows a deep dive into each step in the cycle, such as QuoteToCash and ProcureToPay, so that each part of the transaction can be seen. How can you both see the dots and connect the dots in a more macro view of risk? Miller said Lextegrity is thinking about that bigger picture of risk is because many customers are looking to connect the dots. What the Lextegrity solution provides is “to bring in that transactional data in as robust of a fashion as possible.” I asked him for an example. Miller said, “I’ll give you an example with vendor spend. When we look at that vendor spend data coming from SAP or Oracle, we’re not just bringing in the payment, we’re actually bringing in the payment that was made across eight different invoices. And then from each one of those invoices, we’re digging into the actual invoice detail that came along with that, the invoice line-item detail, the purchase order information, as well as the purchase requisition details at every one of those steps of the business process.” While each view could provide a small amount of detail that could be relevant from a risk perspective, it may not go into this identification of risk in that transaction as a whole. However, when you add “information coming from the financial side of the house, this provides accounts which can impact an organization from an expense perspective as there “lot of good clues there.”  But then you can supplement that data with other information, such as information from the Human Resources (HR) master file. This allows you to look at who approved the Purchase Order (PO) who requested the purchase requisition and then who approved the ultimate payment or invoice, and how does your network look in regard to the overall transaction. This allows a much more holistic approach to the overall data.

We concluded by considering what connecting all these dots might look like. Miller said that by  “connecting the dots of risk you start to see other things happen, you catch an exception in this area and now you say, well, so-and-so was a major part of that. Let’s see what else they’ve touched in this area or looking at the cross impact between employee spend and vendor spend, and then be on that in the compliance space”. You can also cross-reference hotline reports, due diligence metrics, audit reports, training completion data and indeed “all this other program information that compliance has a hand into that can feed into this transactional data.” It can truly provide to you the broadest look at your compliance risk.

Join us tomorrow where we explore pre-approvals and third-party due diligence with Kara Bonitatibus.

For more on Lextegrity, check out their website here.

In this edition of Cordery Head to Head @ Home Cordery’s Jonathan Armstrong talks to Claudia Natanson.  Claudia is the former Chief Security Officer of The Department for Work and Pensions (DWP) the UK’s largest Government department.  Prior to that, she had a distinguished career as a security professional and Chief Information Security Officer at blue-chip organizations including Diageo and BT.

Claudia and Jonathan talk about:

  • how Claudia first became involved in cybersecurity.
  • current threats including phishing and cybersecurity and the rise of criminal activity during the pandemic.
  • the importance of human behavior in dealing with those threats.
  • the future of cybersecurity and how the profession might become more diverse.

You can find out more about Claudia here http://securitypractitioners.com/Aboutus.aspx

Jonathan and Claudia also discuss the Blackbaud ransomware attack.  There is more on this here: https://bit.ly/blackcrack.

You can find out more about Cordery and its work here https://www.corderycompliance.com/.

You can also read about current issues in dealing with the pandemic here https://www.corderycompliance.com/category/covid19/

You can also find out more about Cordery’s experience of cybersecurity issues here https://www.corderycompliance.com/category/cyber-security/

You can view more Cordery Head to Head interviews here www.bit.ly/corderytv.